05-29-2008 05:42 AM - edited 02-21-2020 03:44 PM
Hi, I would like to build a site-to-site VPN between 2 routers and behind NAT:
172.16.0.0/24
|
|
91.103.32.1/24 (public)
|
|
100.2.3.4/24 (public)
|
|
192.168.20.1/24 (private)
I can easily assign a crypto map with 192.168.20.0/24 and peer destination 91.103.32.1. But how do I specify, from 91.103.32.1, the peer address destination, which is 192.168.20.1 but not directly "routable" because it is behind NAT?
Is there a way, a solution, to make IPsec tunnels site to site but with server/client, a kind of dynamic IPsec tunnel where one of the sites initiates the tunnel to the server ...
regards,
alexandre durand
05-29-2008 10:56 AM
Just peer with the public IP of each side. If one side changes or is using a NAT pool (instead of one-to-one NAT), you will have to use another option, like dynamic crypto maps.
05-29-2008 11:46 AM
Crypto maps are applied to the "external" interfaces, and peer statements in the crypto maps would reference the far-side "external" interface address.
Crypto ACLs would reference the "internal" network IDs, to identify traffic that requires crypto treatment.
If you are interested in dynamic crypto maps with control over which device initiates tunnel setup, you might want to read up on the "Easy VPN Remote" feature.
There are multiple modes that can be used on the remote side.
05-30-2008 01:29 AM
Thank you for your replies. There are 2 options: either Easy VPN client, but it requires Cisco at the other end... or this one:
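! Wildcard keyring: the same pre-shared key is accepted from any peer address
crypto keyring spokes
 pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
! ISAKMP profile using that keyring; matches any peer identity address
crypto isakmp profile L2L
 description LAN-to-LAN for spoke router(s) connection
 keyring spokes
 match identity address 0.0.0.0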
Here is the Cisco URL where you can find further information about it:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801dddbb.shtml
I'm gonna test those 2 options.
I still don't know how to push an ACL with Easy VPN client and remote mode.
Thank you for your advice.
regards,
alex
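The dynamic crypto map option discussed in this thread, laid out for both routers as an added example (not configuration posted by any participant or taken from the linked Cisco document). The addresses are the ones in the first post; the interface names, policy numbers, transform-set and map names, ACL number and the assumption that 192.168.20.0/24 is the network protected on the NATed side are all illustrative, and `<PRE-SHARED-KEY>` is a placeholder.

```cisco
! Added example; addresses come from the thread, everything else is assumed.
! <PRE-SHARED-KEY> is a placeholder. NAT traversal (UDP 500/4500) must be
! allowed through the NAT device at 100.2.3.4.
!
! ---- Hub, public 91.103.32.1, LAN 172.16.0.0/24: answers, never initiates ----
crypto keyring spokes
 pre-shared-key address 0.0.0.0 0.0.0.0 key <PRE-SHARED-KEY>
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp profile L2L
 keyring spokes
 match identity address 0.0.0.0
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
! Dynamic map: no "set peer" and no crypto ACL; both are learned from the spoke
crypto dynamic-map DYN 10
 set transform-set TS
 set isakmp-profile L2L
crypto map VPN 10 ipsec-isakmp dynamic DYN
interface FastEthernet0/0
 ip address 91.103.32.1 255.255.255.0
 crypto map VPN
!
! ---- Spoke, 192.168.20.1 behind NAT: always initiates toward the hub ----
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 91.103.32.1
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
! Crypto ACL: spoke LAN to hub LAN (spoke LAN assumed to be 192.168.20.0/24)
access-list 110 permit ip 192.168.20.0 0.0.0.255 172.16.0.0 0.0.0.255
crypto map VPN 10 ipsec-isakmp
 set peer 91.103.32.1
 set transform-set TS
 match address 110
interface FastEthernet0/0
 crypto map VPN
```

Because the hub keyring matches 0.0.0.0 0.0.0.0, any source address that presents the key is accepted, so the key should be long and random and unique to this VPN.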